Evasive malware reaches record levels - WatchGuard report

25 Mar 2020

WatchGuard’s most recent Internet Security Report indicates that malware cases are surging again, with ‘evasive’ malware reaching record levels.

According to the data, collected from WatchGuard’s Firebox security appliances over Q4 2019, evasive malware accounted for two-thirds of all detections – a massive jump from the 2019 average of 35%.

“Q4 2019 saw an explosion in zero day malware (which is malware that signature-based protections missed during the first few days or weeks of its release) reaching an all-time high of 68% of total detected malware. This is up from the approximate 37% average of 2018 and 2019, making Q4 2019 the worst malware quarter on our books,” the report says.

WatchGuard suggests that evasive malware is now the norm rather than the exception, which means organisations wanting to protect themselves must deploy more advanced anti-malware solutions than signature-based detection alone.

“Our findings from Q4 2019 show that threat actors are always evolving their attack methods,” says WatchGuard’s chief technology officer Corey Nachreiner.

“With over two-thirds of malware in the wild obfuscated to sneak past signature-based defenses, and innovations like Mac adware on the rise, businesses of all sizes need to invest in multiple layers of security. Advanced AI or behavioural-based anti-malware technology and robust phishing protection like DNS filtering will be especially crucial.”

The report also notes that phishing campaigns and malware are still exploiting old software vulnerabilities. A ‘dropper’ exploit ranked number seven on WatchGuard’s top malware list targets a Microsoft Excel vulnerability from 2017. It downloads malware including the Agent Tesla keylogger. The dropper heavily targeted the United Kingdom, Germany, and New Zealand.

The report also found that hackers appear to be opting for automated malware distribution: many attacks hit 70-80% of all Fireboxes in a single country, a pattern WatchGuard states is best explained by automation.

SQL injection attacks became the top network attack in 2019, the report says. SQL injection attacks grew % in total between 2018 and 2019, becoming the most common network attack of the year by a significant margin.

Mac adware also became more popular in Q4. WatchGuard explains that one of the top compromised websites it detected hosts a macOS adware called Bundlore that masquerades as an Adobe Flash update. This lines up with a Malwarebytes report from February 2020 that showed a rise in Mac malware, particularly adware.

In Q4 2019 Firebox appliances blocked over 34,500,000 malware variants in total (859.5 samples per device) and approximately 1,879,000 network attacks (47 attacks per device).
